macOS

                     ..'          MacBook Pro M3 Max 14-inch / 96 GB Ram / 2 TB
                 ,xNMM.           -----------------
               .OMMMMo            OS: macOS Sonoma 14.7.7 (23H723) arm64
               lMM"               Host: Nov 2023, Three Thunderbolt4 ports
     .;loddo:.  .olloddol;.       Kernel: Darwin 23.6.0
   cKMMMMMMMMMMNWMMMMMMMMMM0:     Uptime: 2 days, 23 hours, 34 mins
 .KMMMMMMMMMMMMMMMMMMMMMMMWd.     Packages: 255 (brew), 91 (brew-cask)
 XMMMMMMMMMMMMMMMMMMMMMMMX.       Shell: zsh 5.9
;MMMMMMMMMMMMMMMMMMMMMMMM:        Display (DELL U4323QE): 6400x3600 @ 2x in 42", 60 Hz [External] *
:MMMMMMMMMMMMMMMMMMMMMMMM:        Display (DELL P2415Q): 2160x3840 @ 2x in 24", 60 Hz [External]
.MMMMMMMMMMMMMMMMMMMMMMMMX.       WM: Quartz Compositor 175.400
 kMMMMMMMMMMMMMMMMMMMMMMMMWd.     WM Theme: Multicolor (Light)
 'XMMMMMMMMMMMMMMMMMMMMMMMMMMk    Theme: Aqua
  'XMMMMMMMMMMMMMMMMMMMMMMMMK.    Font: .AppleSystemUIFont [System], Helvetica [User]
    kMMMMMMMMMMMMMMMMMMMMMMd      Cursor: Fill - Black, Outline - White (63px)
     ;KMMMMMMMWXXWMMMMMMMk.       Terminal: ghostty 1.2.3
       "cooc*"    "*coo'"         Terminal Font: OperatorMono Nerd Font (14pt)
                                  CPU: Apple M3 Max (14) @ 4.06 GHz
                                  GPU: Apple M3 Max (30) @ 1.38 GHz [Integrated]
                                  Memory: 54.33 GiB / 96.00 GiB (57%)
                                  Swap: Disabled
                                  Disk (/): 1.66 TiB / 1.81 TiB (91%) - apfs [Read-only]
                                  Disk (/Volumes/Tarmac): 1.66 TiB / 1.81 TiB (91%) - apfs
                                  Disk (/Volumes/macBakup): 463.66 MiB / 3.64 TiB (0%) - apfs [External]
                                  Local IP (en8): 172.30.30.22/24
                                  Battery (bq40z651): 100% [AC connected]
                                  Power Adapter: 85W
                                  Locale: en_US.UTF-8
Core Filesystem Architecture

The macOS core filesystem is split by design, using a Signed System Volume (SSV) architecture. The System volume is immutable (read-only), while specific Data volumes and paths are writable.

High-Level Overview

Component Writable
System volume
Data volume
Firmlinked paths
Runtime storage
Preboot / Recovery
VM volume

Core Filesystem Architecture

macOS uses a volume group: a single startup disk composed of multiple APFS volumes.

| APFS Volume | Mount Point | Writable | Purpose |
|---|---|---|---|
| System | / | ❌ No | OS binaries, frameworks (sealed) |
| Data | /System/Volumes/Data | ✅ Yes | User data, apps, configs |
| Preboot | /System/Volumes/Preboot | ❌ No | Boot loaders |
| Recovery | /System/Volumes/Recovery | ❌ No | Recovery OS |
| Virtual Memory | /System/Volumes/VM, /private/var/vm | ✅ Yes | Swap, sleep, and VM state; used automatically by macOS, so don't modify manually |

Access Control Mechanisms

Filesystem access is governed by multiple, layered mechanisms:

| Mechanism | Control |
|---|---|
| POSIX permissions | chmod, chown |
| Root / sudo | Privilege escalation |
| SIP | Kernel/system protection |
| TCC (FDA) | Privacy & user data access |

Firmlinks (Logical View)

Apple uses firmlinks so that Data volume content appears under /.

| Firmlinked path | APFS Volume |
|---|---|
| /Users | Data |
| /Applications (3rd-party) | Data |
| /Library | Data |
| /private/var | Data |
| /opt | Data |
| /usr/local | Data |

Writable Locations (Safe and Supported)

| Area | Mount Point |
|---|---|
| User Data | /Users/, /Users/Shared |
| Application & App Support [1] | /Applications (third-party apps only), /Library, /Library/Application Support, /Library/Preferences, /Library/LaunchAgents, /Library/LaunchDaemons |
| Developer / Tooling | /opt (Homebrew default on Apple Silicon), /usr/local |
| Daemon | /Library/LaunchDaemons |
| External Disk | /Volumes (mounted disks) |

You can test whether a path is writable: touch /path/testfile. To inspect mounted filesystems: mount | grep " / ".

Ephemeral Storage (Runtime)

These locations are writable but volatile.

| Component | Path | Writable | Notes |
|---|---|---|---|
| Logs Caches | /private/var/log | | Rotated automatically |
| Databases | /private/var/db | | System state |
| Temp files | /private/var, /private/tmp, /tmp | | Cleared aggressively |
| Caches | /private/var/folders | | Volatile |

Writable ≠ Accessible

Some writable paths require explicit permission. Accessing another user’s home directory triggers Transparency, Consent, and Control (TCC) restrictions, which override root.

The macOS privacy framework treats each user’s home directory as private. Cross-user access is blocked even if:

  • You are root
  • File permissions allow access
  • SIP is disabled

| Path | Writable | Requirements |
|---|---|---|
| /Library | | Full Disk Access |
| /Users/ | | Full Disk Access |
| External volumes | | User consent |
| Time Machine | | Backup entitlement |

Granting Full Disk Access (FDA)

GUI

  1. System Settings → Privacy & Security → Full Disk Access
  2. Add Terminal, your script, or an admin tool
  3. Restart the application

CLI (reset only)

  1. tccutil reset All

tccutil cannot grant Full Disk Access; approval requires user interaction or an MDM.


  1. ⚠️ /System/Applications is read-only

MacBook Pro M3 Max
Model Identifier Mac15,10
14 cores: 10 performance and 4 efficiency
Model Number Z1AW001T1LL/A
Serial Number 2R9Y042R0
Memory 96 GB
Storage APPLE SSD AP2048Z 2 TB
• Macintosh HD /
• Tarmac /System/Volumes/Data
System Firmware 11881.140.96
Volume UUID: B8484307-07BC-447F-883C-74113B35FE64
Hardware UUID 279E39B4-8262-535A-B7BA-962189FDE824
Monitors
Dell UltraSharp 43 U4323QE 42.5-inch 4K 3840 x 2160
Dell 24 P2415Q (Discontinued) 24-inch 4K 3840 x 2160
Bluetooth
Microsoft Surface Arc Mouse E6:83:67:0C:FC:58
Kensington Expert Mouse Wireless Trackball E0:48:B2:1A:B1:63 / ExpertBT5.0
Apple Watch 08:25:73:BF:95:E6
Apple iPhone NCC-80103 28:D5:B1:7B:B6:D7
Apple iPad NCC-80104 34:EE:16:9E:09:1E
AirPods Pro 3 with S/N
• Case G4ND2CN46R
• Left GMPHL00BRLF0000UHZ
• Right GMVHL10AQB50000UHY
74:77:86:43:17:97
PTouch xx 98:6E:E8:4B:CE:A7 / PT-P710BT2248
Printers
DYMO LabelWriter Twin Turbo
EPSON XP-15000 Series 24-inch (2160 x 3840)
HP LaserJet
PTouch xx
Other World Computing Thunderbolt Pro Dock
Firmware 66.1 & Link: 1.44.0
10GBE RJ45 Aquantia AQC107 (AQC-113)
Card Readers CFexpress Type B and SD4 (GL-3232S)
1x Type-C USB USB 3.2 Gen 2 (Genesys GL3590)
3 x Type-A USB USB 3.2 Gen 2 (Genesys GL3590)
Video DisplayPort Port
3x Thunderbolt3/USB4 Bus • Host
• Bus 1
• Bus 1
USBs
USB Keyboard
Discontinued
WASD CODE ISO 87-key mechanical with Cherry MX Clear switches
Kensington Trackball Expert Mouse Wireless Trackball
XLR Microphone Interface • Elgato Wave XLR
• Neumann Microphone KMS 105
• Elgato Low Profile Microphone Arm
Stream Deck • Elgato 15-Key Control Pad
• Elgato Pedal
Video Camera • Elgato FaceCam Pro – 4K60
Teleprompter • Elgato Prompter
• Elgato FaceCam – 1080p60 Discontinued
Powered Speakers • Kanto Yu2
USB Hub
• 4x USB-C & 3x USB-A
Juiced VertexHUB
Scanner ScanSnap SV600
ScanSnap IX-500 Discontinued
Lights
Keylight Elgato Key Light
Key Light Airt1
Philips Hue Bridge
Motion sensor
Signe gradient floor lamp
•/Go portable accent light
Mounts
Elgato Master Mount + Solid Arm
Monitor Arm
Laptop Mount
Power Bar dd
Hardware

Notes with oak deck Post it dock

Installation

Allo

Chez Moi

~/.config/chezmoi/chezmoi.toml stores machine-specific configurations and data that customize how chezmoi generates your dotfiles on a particular machine.

 ~/.config
├── 1Password
│   └── ssh
│       └── agent.toml
├── Hookmark
│   ├── Help
│   │   └── help.webloc
│   ├── Hookmark Files
│   ├── notes
│   └── templates
│       ├── built-in templates
│       ├── custom templates
│       └── help.webloc
├── bck
│   └── busyContact
│       ├── BusyContacts_2025-08-21_16-56.babu
│       ├── BusyContacts_2025-08-22_16-56.babu
│       ├── BusyContacts_2025-08-23_19-25.babu
│       ├── BusyContacts_2025-08-24_20-32.babu
│       ├── BusyContacts_2025-08-25_20-32.babu
│       ├── BusyContacts_2025-08-26_20-32.babu
│       ├── BusyContacts_2025-08-27_20-32.babu
│       ├── BusyContacts_2025-08-28_20-32.babu
│       ├── BusyContacts_2025-08-29_20-44.babu
│       ├── BusyContacts_2025-08-30_20-49.babu
│       └── BusyContacts_2025-08-31_20-49.babu
├── bin
│   ├── 1pagePDF.applescript
│   ├── Ase2Clr
│   ├── Clr2Ase
│   ├── Clr2Obj
│   ├── Html2Ase
│   ├── Html2Clr
│   ├── cbr2cbz.sh
│   ├── checkCert.sh
│   ├── decrypt-file.py
│   ├── ds -> /Applications/Setapp/Dropshare.app/Contents/Resources/ds.sh
│   ├── encrypt-file.py
│   ├── getKeyServers.sh
│   ├── git-user-stats
│   ├── homeBrew
│   ├── loginItems
│   ├── loginItems-add
│   ├── loginItems-ls
│   ├── loginItems-rm
│   ├── photoTimeShift1Year.sh
│   ├── photosChangeDate.sh
│   ├── photosGeotagCreateCSV.sh
│   ├── photosGeotagCreateKML.sh
│   ├── photosOrganize.sh
│   ├── photosOutputList2CSV.sh
│   ├── photosRenameDateStamp.sh
│   ├── photosRenameLowerCase.sh
│   ├── photosRenameLowerCaseRecursively.sh
│   ├── photosUpdateDateEXIF.sh
│   ├── script-template.sh
│   ├── tidy.sh
│   ├── usbi
│   └── usbi.go
├── cache
│   ├── ansible-compat
│   │   ├── 4ffeee
│   │   └── 9fec08
│   └── typescript
│       └── 5.5
├── chezmoi
│   ├── chezmoi.toml
│   └── chezmoistate.boltdb
├── fontforge
│   └── plugin
├── git
│   ├── aliases
│   ├── aliases.old
│   ├── github_bhd
│   ├── gitignore_global
│   └── gitlab_gologic
├── karabiner
│   ├── assets
│   │   └── complex_modifications
│   ├── automatic_backups
│   │   ├── karabiner_20221025.json
│   │   ├── karabiner_20221103.json
│   │   ├── karabiner_20221107.json
│   │   ├── karabiner_20230107.json
│   │   ├── karabiner_20230109.json
│   │   └── karabiner_20241010.json
│   ├── karabiner VERY OLD.json
│   ├── karabiner.json
│   └── karabinerNew.json
├── macSetup
│   ├── doc
│   │   ├── CONTRIBUTING.md
│   │   ├── codeOfConduct.md
│   │   ├── dotFiles.md
│   │   ├── keyboard.md
│   │   ├── logo.png
│   │   ├── presentationNotes.md
│   │   ├── shell.md
│   │   └── tools.md
│   ├── group_vars
│   │   └── all
│   ├── roles
│   │   ├── backup
│   │   ├── common
│   │   └── provision
│   ├── LICENSE
│   ├── Makefile
│   ├── README.md
│   ├── ansible.cfg
│   ├── brew.sh
│   ├── inventory
│   ├── macSetup.yml
│   └── requirements.yml
├── mdless
│   ├── config.yml
│   └── mdless.theme
├── node_modules
│   ├── bin
│   │   ├── autoprefixer -> ../lib/node_modules/autoprefixer/bin/autoprefixer
│   │   ├── casperjs -> ../lib/node_modules/casperjs/bin/casperjs
│   │   ├── npm -> ../lib/node_modules/npm/bin/npm-cli.js
│   │   ├── npx -> ../lib/node_modules/npm/bin/npx-cli.js
│   │   ├── phantomjs -> ../lib/node_modules/phantomjs/bin/phantomjs
│   │   └── postcss -> ../lib/node_modules/postcss-cli/index.js
│   ├── etc
│   └── share
│       └── man
├── op
│   ├── config
│   └── op-daemon.sock
├── rclone
│   └── rclone.conf
├── vanityURLs
│   ├── build
│   │   └── _headers
│   ├── scripts
│   │   ├── lnk
│   │   └── validateURL
│   ├── dynamic.lnk
│   └── static.lnk
├── wireshark
│   ├── profiles
│   ├── recent
│   └── recent_common
├── xnviewmp
│   ├── Thumb.db
│   ├── XnView.db
│   └── xnview.ini
├── zsh
│   ├── houba
│   │   ├── dot_p10k.zsh
│   │   ├── dot_zprofile.tmpl
│   │   └── dot_zshrc.tmpl
│   ├── plugins
│   ├── aliases.zsh
│   ├── dircolors
│   ├── functions.zsh
│   └── secret
├── BHD.terminal
├── starship-dd.toml
└── starship.toml
~/.local/share/

~/.local/share/chezmoi houses the universal source of my dotfiles, which is shared via gitHub/bhdicaire/dotFiles and version-controlled across all my machines.

 ~/.local/share/
├── chezmoi
│   ├── home
│   │   ├── Documents
│   │   ├── Library
│   │   ├── dot_1password
│   │   ├── dot_aws
│   │   ├── dot_logseq
│   │   ├── dot_vim
│   │   ├── dot_vscode
│   │   ├── dot_zenmap
│   │   ├── private_dot_config
│   │   ├── private_dot_cups
│   │   ├── private_dot_docker
│   │   ├── private_dot_gnupg
│   │   ├── private_dot_ssh
│   │   ├── dot_bash_aliases.tmpl
│   │   ├── dot_bashrc_aliases-local
│   │   ├── dot_bashrc_completions-macOS
│   │   ├── dot_bashrc_config-local
│   │   ├── dot_bashrc_functions
│   │   ├── dot_bashrc_prompt
│   │   ├── dot_bashrc_prompt-config
│   │   ├── dot_curlrc
│   │   ├── dot_czrc
│   │   ├── dot_dir_colors
│   │   ├── dot_gitconfig
│   │   ├── dot_gitignore_global
│   │   ├── dot_inputrc
│   │   ├── dot_tmux.conf.tmpl
│   │   ├── dot_vanityURLs.conf
│   │   ├── dot_vimrc
│   │   ├── dot_wgetrc
│   │   ├── dot_zprofile.tmpl
│   │   ├── dot_zshenv
│   │   ├── empty_dot_hushlogin
│   │   ├── executable_dot_bash_profile
│   │   ├── executable_dot_bashrc_aliases
│   │   ├── executable_dot_bashrc_completions
│   │   ├── executable_dot_bashrc_config
│   │   ├── private_dot_editorconfig
│   │   └── private_dot_mackup.cfg
│   ├── LICENSE
│   ├── README.md
│   └── logo.png

tree -L 3 --dirsfirst